I have an Ubuntu 14.04 AD DS member server which appears to be binding to AD with no problem, as checked with the following command:

    wbinfo -g
I want to move to using LDAPS now. I configured LDAPS on my 2012 R2 DC and can bind over LDAPS using ldp.exe.
What steps do I need to take on Ubuntu with Samba and Winbind to force it to use LDAPS now?
Best Answer
Give a try to the smb.conf settings:

    ldap ssl = start tls
    ldap ssl ads = yes

Unfortunately, I never tried them myself.
I think you would not need to explicitly enforce encryption for winbindd. If you joined the domain and created a Kerberos keytab, winbindd is able to connect to LDAP on the AD DC with SASL/GSSAPI authentication, which is pretty secure. The keytab way is the one I tried and I think it's more reliable (and it's pretty much the plain vanilla configuration).
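A way to confirm which of the two approaches above is actually in effect on the member server, as an added example that is not part of the original answer or of Samba itself: the POSIX shell functions below read the `ldap ssl` and `ldap ssl ads` values out of an smb.conf (a constructed sample is embedded), classify the transport, and then use `ldapsearch` from ldap-utils and `klist -k` for the live checks. One caveat worth knowing when the goal is "LDAPS": `ldap ssl = start tls` makes Samba negotiate StartTLS on the standard LDAP port (389), it does not connect to the dedicated LDAPS port (636), so the live check has to test the mechanism that was configured. The `DC` environment variable and the `/etc/samba/smb.conf` path used at the bottom are assumptions.

```shell
#!/bin/sh
# Constructed sample smb.conf (labelled as such, not a real server's file):
# a member-server [global] section carrying the two settings from the answer.
SAMPLE_SMB_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_SMB_CONF"' EXIT
cat > "$SAMPLE_SMB_CONF" <<'EOF'
[global]
   workgroup = EXAMPLE
   realm = EXAMPLE.LOCAL
   security = ads
   ; hypothetical values, for illustration only
   ldap ssl = start tls
   ldap ssl ads = yes
EOF

# Print the value of one [global] parameter from an smb.conf file.
# Samba parameter names are case-insensitive and ignore embedded spaces,
# so both sides are lowercased and stripped of spaces before comparing.
# Prints nothing when the parameter is not set.
smb_param() {
    _file=$1
    _name=$(printf '%s' "$2" | tr 'A-Z' 'a-z' | tr -d ' ')
    awk -v want="$_name" -F= '
        /^[ \t]*[;#]/ { next }                          # skip comment lines
        /^[ \t]*\[/   { insec = (tolower($0) ~ /\[global\]/); next }
        insec && NF >= 2 {
            key = tolower($1); gsub(/[ \t]/, "", key)   # normalise the name
            if (key == want) {
                val = substr($0, index($0, "=") + 1)    # keep "=" inside values
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                print val; exit
            }
        }' "$_file"
}

# Map the configured "ldap ssl" value to the mechanism the live check must use:
# "starttls" for StartTLS on port 389, "plain" when nothing is configured.
smb_ldap_transport() {
    _ssl=$(smb_param "$1" "ldap ssl" | tr 'A-Z' 'a-z')
    case "$_ssl" in
        "start tls"|start_tls) echo starttls ;;
        *)                     echo plain ;;
    esac
}

# Live check against a DC (needs ldap-utils). It reads the rootDSE anonymously,
# which AD permits, so success proves the TLS handshake and certificate
# validation rather than any account. -ZZ makes ldapsearch fail unless the
# StartTLS negotiation succeeds; "ldaps" tests the dedicated port 636 instead.
check_dc_tls() {
    _dc=$1; _mode=$2
    case "$_mode" in
        starttls) ldapsearch -x -ZZ -H "ldap://$_dc" -b '' -s base >/dev/null ;;
        ldaps)    ldapsearch -x -H "ldaps://$_dc:636" -b '' -s base >/dev/null ;;
        *)        echo "unknown mode: $_mode" >&2; return 2 ;;
    esac
}

# Keytab check for the SASL/GSSAPI path: list the principals winbindd can use.
check_keytab() {
    klist -k "${1:-/etc/krb5.keytab}"
}

# Only run the network checks when a DC name is supplied (assumed variable).
if [ -n "${DC:-}" ]; then
    mode=$(smb_ldap_transport /etc/samba/smb.conf)
    check_dc_tls "$DC" "$mode" && echo "TLS to $DC via $mode: OK"
    check_dc_tls "$DC" ldaps   && echo "LDAPS on $DC:636: OK"
    check_keytab
fi
```

Run it as `DC=dc1.example.local sh check-ldap-tls.sh` on the member server; with no `DC` set it only exercises the parser on the embedded sample. The StartTLS and LDAPS checks are deliberately separate because ldp.exe binding on 636 says nothing about whether the DC also accepts StartTLS on 389, which is what the `ldap ssl = start tls` setting relies on.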